January 8, 2019

German Hacker Caught: “Acted Alone” Say German Investigators

"Acted out of annoyance over public statements made by politicians"

By CBR Staff Writer

We called it: “The culprit is going to get caught soon”. There looked to be too many breadcrumbs in Germany’s recent devastating data dump, which included personal chat logs and details on nearly 1,000 politicians, including Chancellor Angela Merkel.

Now Germany’s BKA (the country’s federal police agency) says a 20-year-old German hacker has confessed to the hack. The agency says it has arrested the student, who reportedly lives with his parents in the Central Hesse county. He appears to have acted alone.

“The defendant stated that he acted out of annoyance over public statements made by the politicians, journalists and public figures concerned,” the BKA said.

German Hacker Caught: BKA Says Confession Taken 

“Investigations have so far revealed no evidence of third party participation,” the BKA added in a German-language release, saying the man had “comprehensively acknowledged the allegations against him and provided information on his own offenses”. He was subsequently released due to a “lack of grounds for detention”.

If confirmed in court, the confession may prove an embarrassment to the no-small-number of cybersecurity companies who emailed Computer Business Review after the hack, immediately pointing the finger at Russian APT groups, with no apparent forensic evidence (we declined to publish these claims, absent any evidence*).

Early evidence suggested social engineering attacks on a limited number of German politicians had exposed social media and Outlook logins that had been used to move laterally through systems, although this has yet to be confirmed.

(While there appear to have been some major and highly embarrassing leaks, other detail on many of the politicians was, despite the data volumes, thin and appeared to have been collated from publicly available sources.)


See also: 5 Things We Know about the German Hack, from Porn to Mirrors

He has been released on the condition that he does not leave his parents’ house and continues to cooperate, the Guardian reports, citing Georg Ungefug, a spokesman for the central office for fighting internet crime in Wiesbaden, who described him as having “extensive knowledge of computers”, with no official qualifications, but in possession of “considerable interest and a lot of time” to carry out his attack.

The leaks were made with strenuous effort to ensure they were not immediately removed, with thousands of mirrors to ensure online resilience – but analysis also showed that the hacker had struggled for some time to gain attention for the hack and had deleted thousands of tweets and likes prior to the data dump, archived versions of which pointed to a German national, perhaps with a gamer background.

*We acknowledge the rampant activity of Russian threat actors. We like to see evidence though. See also: Russians in your Router: Unprecedented Joint Technical Alert from UK and US Intelligence


